CVE-2020-9734

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager (AEM) Forms add-on versions 6.5.5.0 and below Adobe Experience Manager (AEM) Forms add-on versions 6.4.8.1 and below

Description The issue is related to a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. The vulnerability is also described as being related to insufficient protection of the web page structure, which may allow a remote attacker to execute arbitrary JavaScript code in a user's browser.

Recommendations For versions 6.5.5.0 and below, update to a version above 6.5.5.0 to resolve the issue. For versions 6.4.8.1 and below, update to a version above 6.4.8.1 to resolve the issue. As a temporary workaround, consider restricting access to the Forms component for users with 'Author' privileges until a patch is available. Avoid using fields associated with the Forms component that may contain malicious scripts until the issue is resolved.